2018 will be remembered by many in the corporate world as the year the GDPR kicked in. Every organization covered by the EU’s new regulation had a year’s heads-up to ensure conformity, yet few today are 100% compliant. However, new data suggests a few good reasons behind the extra diligence businesses are applying to this pressing issue.
Last year, Gartner made a rough estimate that more than half of companies covered by GDPR would not be in full compliance on May 25, 2018, the day it took effect. New data unearthed by TrustArc reveals the more worrisome truth: only 20 percent of companies polled in a study commissioned from Dimensional Research said they were fully compliant with the new regulation.
An equally-divided sample
The survey was fielded from June 4 to June 15 to 600 IT and legal professionals in the United States, the United Kingdom and non-UK European Union countries, with 200 respondents for each territory. Company staff sizes ranged from 500 to 5,000. According to TrustArc, each geographic group contained the same mix of professionals with legal, information technology and privacy roles, while certain questions were repeated from an August 2017 survey to better gauge trends in GDPR compliance.
Highlights
Some highlights of the results:
Accountability starts with the customer
Notably, most companies said they were motivated more by values and customer expectations, rather than by fear of fines and litigation. From the report:
“Although much has been made in the press about the potentially large fines that could be levied against companies that are not GDPR compliant, respondents were motivated more by a desire to meet customer and partner expectations than by fear of fines or lawsuits. Meeting customer expectations also was the top motivator for companies whether they were highly regulated or not.”
As many of our readers will undoubtedly recall, “accountability” is a key principle at the foundation of the EU’s General Data Protection Regulation. As the UK Information Commissioner’s Office notes, “it makes you responsible for complying with the GDPR and says that you must be able to demonstrate your compliance.”
Apparently, for many companies this demonstration of compliance must first be made to customers and partners, and only later to legislators: a bold but somewhat inescapable approach if disruption is to be kept to a minimum.
Respondents reported being most compliant with updating policies and procedures (27%) and cookie consent management (25%). They were furthest behind on international data transfer mechanisms (16%) and vendor risk management (13%). These results are also clearly in line with the goal of meeting customer expectations first and foremost.
While maintaining GDPR compliance remains the top priority, the ability to demonstrate compliance is quickly moving up the priority list, respondents said, with some seeking to obtain “GDPR certification” next.
Filip is an experienced writer with over a decade of practice in the technology realm. He has covered a wide range of topics in such industries as gaming, software, hardware and cyber-security, and has worked in various B2B and B2C marketing roles. Filip currently serves as Information Security Analyst with Bitdefender.